What is claimed is: 

1- A method for generating and verifying an ID-based 
blind signature by using bilinear parings, the method 
5 comprising the steps of: 

generating system parameters, selecting a master key, 
and then disclosing the system parameters by a trust 
authority; 

generating a private key by using a signer's identity 
10 and the master key, and then transferring the private key to 
the signer through a secure channel by the trust authority; 

receiving and storing the system parameters by a user 
and receiving and storing the system parameters and the 
private key by the signer; 
15 computing a commitment by using at least one of the 

system parameters, and then sending the commitment to the 
user by the signer; 

blinding a message by using the commitment and a 
public key based on the signer's identity, and then sending 
20 the blinded message to the signer by the user; 

signing the blinded message by using the private key, 
and then sending the signed message to the user by the 
signer; 

unblinding the signed message by the user; and 
25 verifying the signature by the user, 

wherein the system parameters include Gj, G 2 r e, q, P, 
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Ppub, H 2 and H 2r where Gx is a cyclic additive group whose 
order is a prime q, G 2 is a cyclic multiplicative group of 
the same order q, e is a bilinear paring defined by e: Gj x 
Gx G 2 , P is a generator of G lf P pub is the trust 

5 authority's public key described by P pub = s • P, where s is 
the master key, and H 2 and H 2 are hash functions, 
respectively, described by Hj : {0,1}* -> Z g * and H 2 : {0,1}* 
Gi, where Z q * is a cyclic multiplicative group, 

wherein the public key Q ID is described by Q ID = H 2 (ID), 
10 where ID is the signer's identity, and the private key S ID 
is described by S ID = s ■ Q IDf and 

wherein the commitment U is described by U = r-Q ID , 
where r is a random number the signer chooses. 

15 2. The method of claim 1, wherein the blinded message h 
is described by h = a~ 1 H 1 (m, U') + (3, where in is a message to 
be sent, U' is described by U' = aU + a(5Q ID and a and f3 are 
blinding factors belonging to Z q * . 

20 3. The method of claim 2, wherein the signed message is 
described by V = (r + h) S ID . 

4. The method of claim 3, wherein the step of unblinding 
is performed by using formula V'= aV. 

25 

5. The method of claim 4, wherein the step of verifying 
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is preformed by using following equations: 
e(V, P) 

« e(U', + H 2 (m, U')Q ID , P puh ) . 

5 6. An apparatus for generating and verifying an ID-based 
blind signature by using bilinear parings, the apparatus 
comprising: 

means for generating system parameters, selecting a 
master key, and then disclosing the system parameters by a 
10 trust authority; 

means for generating a private key by using a signer' s 
identity and the master key, and then transferring the 
private key to the signer through a secure channel by the 
trust authority; 

15 means for receiving and storing the system parameters 

by a user and receiving and storing the system parameters 
and the private key by the signer; 

means for computing a commitment by using at least one 
of the system parameters, and then sending the commitment to 
20 the user by the signer; 

means for blinding a message by using the commitment 
and a public key based on the signer's identity, and then 
sending the blinded message to the signer by the user; 

means for signing the blinded message by using the 
25 private key, and then sending the signed message to the user 
by the signer; 
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means for unblinding the signed message by the user; 

and 

means for verifying the signature by the user, 

wherein the system parameters include G lf G 2f e, q, P, 
5 Ppubr Hi and H 2r where Gi is a cyclic additive group whose 
order is a prime q, G 2 is a cyclic multiplicative group of 
the same order q, e is a bilinear paring defined by e: G 2 x 
Gi -> G 2 , P is a generator of G lf P pub is- the trust 
authority 1 s public key described by P pub = s • P, where s is 
10 the master key, and H x and H 2 are hash functions, 
respectively, described by H x : {0,1}* -> Z q * and H 2 : {0,1}* 
G lf where Z q * is a cyclic multiplicative group, 

wherein the public key Q ID is described by Q ID = H 2 (ID), 
where ID is the signer's, identity, and the private key S ID 
15 is described by S ID = s • Q ID , and 

wherein the commitment U is described by U = r-Q ID , 
where r is a random number the signer chooses. 

7. The apparatus of claim 6, wherein the blinded message 
20 h is described by h = a~ 1 H 1 (m, U') + f3, where in is a message 

to be sent, U r is described by U' = aU + ot&Q 1D and a and /3 
are blinding factors belonging to Z q * . 

8. The apparatus of claim 7, wherein the signed message 
25 is described by V = (r + h) S ID . 
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9. The apparatus of claim 8, wherein the means for 
unblinding is performed by using formula V'= aV. 

10. The apparatus of claim 9, wherein the means for 
5 verifying is preformed by using following equations: 

e(V, P) 

= e(U', + H ± (m, U')Q ID , P pub ) . 
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